CVE-2019-6293: system/flex: recursive call stack exhaustion
| Bugzilla ID | 147 |
| Alias(es) | CVE-2019-6293 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2019-07-31 07:09:24 -0500 |
| Modified | 2020-06-22 06:08:30 -0500 |
| Status | CONFIRMED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / minor |
| Package(s) | system/flex |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2019-6293 |
Description
An issue was discovered in the function mark_beginning_as_normal in
nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the
mark_beginning_as_normal function making recursive calls to itself in
certain scenarios involving lots of '*' characters. Remote attackers
could leverage this vulnerability to cause a denial-of-service.